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Overview 



Why litigation should be considered an IT risk 

Overview of litigation 
j How you can help or hurt 
j Some examples 
j What works and doesn't work 



Disclaimer 

• I don't work for Microsoft 

• While I am an attorney, I'm not your attorney 

• This is not legal advice 

i This talk is for informational and entertainment 
purposes only 

• Names have been changed to protect the guilty 

® U.S. Federal law will be discussed. Your local 
jurisdiction may have different rules 

• This area of law is in flux. What is good law today may 
not be next month. 
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Civil Litigation as IT risk 

• Allows outsiders to access sensitive information 

• Exposes you and your organization to potential financial 
losses 

® Litigation tends to distract organizations 
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Quick overview of litigation 

m Civil lawsuit 
j Some dispute 
j Starts with a complaint 

o Which lists all legally supported claims 
• Discovery 

• Each side produces all 'responsive' information in their hands 

• Good faith & sanctions if not followed 
o Overreach and mistakes are common 

• Each side gets to depose (interview under oath) selected 
individuals from the other side 

• Subpoena (information from third parties with relevant info)_ 
j Settlement/trial/arbitration 

Your logo here 



I'm not a lawyer, what's all this to do with me? 

• Federal Rules of Civil Procedure 

j Ground rules for civil suits in Federal System 
j State courts borrow or adopt Federal rules 

• FRCP 26 (Discovery) (named party)_ 

j Automatic disclosure for all facts supporting claims & 
defenses 

j Disclosure of all 'custodians' and sources of 'Electronically 
Stored Information' 

• FRCP 45 (Subpoena) (third party)_ 

j Court backed demand to a third party 

• Limitations 

j 'overly burdensome' in relation to controversy 

o privileged information Your logo here 
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What is ESI? 

• Still open to interpretation 

• Firm rulings on: 

• Email 

• Digital documents (Office, PDF...)_ 
oVoicemail (if stored)_ 

• Backup tapes (may be unduly burdensome)_ 

• slack/unallocated/deleted space on drives 

• Some precedent on 

• Contents of RAM 

• Forced logging on public servers 
• Torrentspy 
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How lawyers think about ESI 

• 'Custodian' based 

j What people have control over/created what? 

• Email & Edocs 

j Email- self explanatory 

o Edocs- all human understandable files 

• MS Office, Pdf... 

• Presumption of printability 

m But- Sometimes lawyers get creative 

• Litigation tactics 

o Relevant info might be there 
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So, what happens with discovery? 

• Litigation hold 

m Preserve all potentially responsive documents & data 

• Collections 

m Identify who may have what documents 

o Copy and collect 
o Very broad sweep 

• Rule 26 discovery conference 

j Each side discusses the sources and people they have, 
sets schedule and format(s)_ 

• Privilege & responsiveness review 

• Production 

• Substantive review 
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Why is litigation so expensive? 

• Every document, email or file gets reviewed 

m Once for privilege & responsiveness 

o Once again for substance 

j Substantive documents are re-reviewed in preparation for 
depositions/trial 

• Review is performed by attorneys or J.D.s 

j $90-$150/hour 

j Supervised by more senior attorneys & partners (more $)_ 

• Not much incentive to reduce costs 

j Risk adverse lawyers 
j High stakes litigation 
j Cost-plus billing 
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Why litigation is expensive, continued, or the $120 email 

• Alice sends an email with a three page .doc attachment to 
five people 

• Alice's company is in litigation, and Alice & her group is 
relevant to the suit 

• Each email and attachment reviewed for responsiveness 

m Responsiveness review (1*$1.50/min)(4 pages)(6 
people)=$36 

» Marked responsive- sent to substantive coding 
(1.5*$1.50/min)(4 pages) (6 people)= $54 

ft Re-reviewed by senior associate (6*$5/min)= $30 

• I'm not including the costs of any responses to Alice's 
email, or if the email was actually important. 
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That was the mundane, now the terrifying 

• Discovery sanctions 

j Failure to produce or preserve discoverable material 
j Depending on severity can result in 

• Some of other side's legal fees 

• Other side's expert fees to recover data 

• Fines 

o Adverse inference 
Q Dismissal of claim or defense 
m Dismissal of lawsuit (or loss of suit)_ 
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Discovery as privacy/security risk 

• Unclear borders between personal and business 

m Working from home 
o Personal at work 
9 Broad discovery sweep to law firm 

• Law firm may have inadequate security 

• Third and fourth party vendors may have inadequate 
security 

• The loyalty of short term contractors may be questionable 

• Humans make mistakes 

j Personal info slipping past privilege/responsiveness review 
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Ok, you have my attention. But what can I do? 

# Prelitigation 

• ESI audit 

• Identify all sources of ESI and determine their likely contents 

• Consider everything 
j Retention/destruction policy 

• This is harder than it sounds 
m Field's law of unintended consequences 

• ex- Stupid retention policies means printed email 
j Following your own policy 

• Use policies 

• Remote access with personal PCs 
m use of personal email accounts for work 
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More pre-litigation ideas 

• Implement a collection plan or system 

j End-user PCs 

m Remote collection is nice 

o You may already have the tools 

• Forensic systems can be clunky and unreliable IMHO 

o Consider security risks- anything that can collect can be 
exploited 

o File servers 

j Search and collection packages out there to fit all sorts of 
budgets 
• But if you're creative, you can go cheap 

j Consider security risks- index capability has to be able to 
access all user files 
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Even more pre-litigation ideas 

• Backup systems 

j Consider creating lit hold/collections routines 

j Apply document retention policy to backups 
m Including those one-offs only you know about 
m New equipment purchases 

j Consider ease of preservation/collection 
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Next stage- Litigation likely or filed 

• Litigation hold 

j You'll have to test and enforce it 

m Cooperate with the lawyers (but make sure everyone's 
realistic) 

m Now may be the time to ask for some additional storage 
capacity- doesn't have to be high performance or availability 

• Rule 26 conference 

j Determine cost & time estimates to pull data from 
obsolete/odd formats/backups 

m Assist in working out technical plan for producing info 

• Be prepared to call bullshit on opposing side 

• Select third party vendors 
j Security audit if you're paranoid 
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Litigation commencing 

• Collections 

m Locate sources of responsive ESI 
Collect with minimal intrusiveness 
m Interact with third party vendor for cost-cutting measures 
• De-duplication of identical files 

• Consider scope limitation on your end as well 
j Simplifying forensics if necessary 
j Assist with unusual formats 

• Identify and quantify 'unduly burdensome' issues 

m Restoration of old PCs 

• Depositions 

j Explain what you did to collect ESI 
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A few cautionary tales 

• ABC Insurance Co. 

j Class action suit filed in '05 

j Running EMC 2 SAN with Tivoli Storage Manager at 30% 
capacity 

j Overbroad and vague lit hold order 

• Work groups and disk shares not 1to1 

o Individual users have multiple and inconsistent shares 

Q Legal team says save & preserve all of it- repeated weekly full 
backups 

• Lead sysadmin quits 

j Sees writing on wall 
j What could have fixed this? 

o Ongoing dialog between IT & Legal Your logo here 
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A few things that work... 

• Preparation 

o Add discovery prep to your existing audits 

j Save user & permissions lists 

m Build systems to search against existing shares and test 

• Sensible and enforceable document retention policies 

j Decommissioning procedures are now important 

• Two way communication with regulatory and legal 
departments 

• Try walking over and introducing yourself 

• Documentation and policies 

m If you actually do so 
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...and don't 

• Fiefdoms within and around the organization 

• 'Leaving things be' 

• Documentation and policies 
j If they aren't followed 
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Questions? 
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